CLAIMS

1. A method of controlling usage of network resources of a communications network by a
user beyond a network device of the communications network that serves as the user's entry
point to the communications network, the method comprising acts of:

(A) configuring a port module of the network device with one or more packet rules
corresponding to an identity of the user;

(B) receiving a packet from a device used by the user at the port module; and

(C) before using any of the network resources beyond the network device, applying the
one or more packet rules to the received packet.



2. The method of claim 1, further comprising:

(D) prior to act (A), authenticating the identity of the user, wherein act (A) results from
the authentication.

3. The method of claim 1, further comprising an act of:

(D) repeating act (C) for all packets received at the port module until the user logs off of
the communications network.

4. The method of claim 1, wherein the port module is dedicated to the device of the user
until the user logs off of the communications network.

5. The method of claim 1, the method further comprising:

(D) selecting the one or more packet rules based on the identity of the user.

6. The method of claim 5, wherein the identity of the user is associated with a role assigned
to the user, and the role is associated with the one or more packet rules, and wherein act (D)
comprises:

selecting the one or more packet rules based on the role.

7. The method of claim 6, wherein act (A) further comprises:

configuring the port module according to the role.

8. The method of claim 1, wherein the method further comprises an act of:

(D) routing the packet based on the one or more packet rules.

9. The method of claim 1, wherein the method further comprises an act of:

(D) preventing the packet from being transmitted onto a transmission medium of the
communications network based on the one or more packet rules.



10. The method of claim 1, wherein act (C) comprises:

configuring the packet based on the one or more packet rules.

11. The method of claim 10, wherein configuring the packet comprises an act of:

changing information included in the received packet.

12. The method of claim 10, wherein configuring the packet comprises an act of:

adding information to the received packet.

13. The method of claim 1, wherein the method further comprises an act of:

(D) controlling an amount of bandwidth on the communications network consumed by
the user based on the one or more packet rules.

14. The method of claim 1, wherein the method further comprises an act of:

(D) controlling access to devices residing on the communications network based on the
one or more packet rules.

15. The method of claim 1, wherein the method further comprises an act of:

(D) controlling access to information stored on devices residing on the communications
network based on the one or more packet rules.



593722-1 






Attorney Docket No^K)378.70179/JHM/DPM 






FiMJbn: February 8, 2002 



16. The method of claim 1, wherein the method further comprises an act of:

(D) controlling access to at least a portion of an application stored on a device residing on
the communications network based on the one or more packet rules.

17. A network device serving as an entry point to a communications network for a user and
operative to control usage of network resources by the user beyond the network device, the
network device comprising:

a port module including port configuration logic to configure the port module with one or
more packet rules corresponding to an identity of the user, a physical port to receive a packet
from a device of the user and rule application logic to apply the one or more packet rules to the
received packet before using any of the network resources beyond the network device.

18. The system of claim 17, further comprising:

authentication logic to authenticate the identity of the user, wherein the configuration
logic is operative to configure the port module in response to the authentication.

19. The system of claim 17, wherein the rule application logic is operative to apply the one or
more packet rules to all packets received from the device of the user at the port module until the
user logs off of the communications network.

20. The system of claim 17, wherein the port module is dedicated to the device of the user
until the user logs off of the communications network.

21. The system of claim 17, wherein the port configuration logic is operative to select the one
or more packet rules based on the identity of the user.

22. The system of claim 21, wherein the identity of the user is associated with a role assigned
to the user, and the role is associated with the one or more packet rules, and wherein the port
configuration logic is operative to select the one or more packet rules based on the role.






23. The system of claim 22, wherein the port configuration logic is operative to configure the
port module according to the role.

24. The system of claim 17, wherein the port module is operative to route the packet based
on the one or more packet rules.

25. The system of claim 17, wherein the port module is operative to prevent the packet from
being transmitted onto a transmission medium of the communications network based on the one
or more packet rules.

26. The system of claim 17, wherein the rule application logic is operative to configure the
packet based on the one or more packet rules.

27. The system of claim 26, wherein the rule application logic is operative to configure the
packet by changing information included in the received packet.

28. The system of claim 26, wherein the rule application logic is operative to configure the
packet by adding information to the received packet.

29. The system of claim 17, wherein the port module is operative to control an amount of
bandwidth on the communications network consumed by the user based on the one or more
packet rules.

30. The system of claim 17, wherein the port module is operative to control access to devices
residing on the communications network based on the one or more packet rules.

31. The system of claim 17, wherein the port module is operative to control access to
information stored on devices residing on the communications network based on the one or more
packet rules.

32. The system of claim 17, wherein the port module is operative to control access to at least
a portion of an application stored on a device residing on the communications network based on
the one or more packet rules.

33. A network device serving as an entry point to a communications network for a user, the
network device operative to control usage of network resources beyond the network device by
the user and comprising:

a port module including a physical port to receive a packet from a device used by the user
and rule application logic to apply one or more packet rules to the received packet before using
any of the network resources beyond the network device; and

means for configuring the port module with the one or more packet rules based on an
identity of the user.

34. A computer program product, comprising:

a computer-readable medium; and

computer-readable signals stored on the computer-readable medium that define
instructions that, as a result of being executed by a computer, instruct the computer to perform a
process of controlling usage of network resources of a communications network by a user
beyond a network device of the communications network that serves as the user's entry point to
the communications network, the process comprising acts of:

(A) configuring a port module of the network device with one or more packet rules
corresponding to an identity of the user;

(B) receiving a packet from a device used by the user at the port module; and

(C) before using any of the network resources beyond the network device, applying the
one or more packet rules to the received packet.

35. A method of controlling usage of network resources of a communications network by a
user, wherein the user has an assigned role with respect to the communications network, and the
assigned role is associated with one or more packet rules, each packet rule including a condition
and action to be taken if a packet received at a device satisfies the condition, the method
comprising acts of:

(A) receiving a packet including identification information of the user from a device of
the user at a port module of a network device;

(B) determining the assigned role of the user based on the identification information; and

(C) configuring the port module with the one or more packet rules associated with the
assigned role of the user.

36. The method of claim 35, wherein the network device serves as an entry point to the
communications network for the user.

37. The method of claim 35, wherein user information about the user is stored on a computer-readable
medium residing on the communications network, the user information including
identification information and the assigned role of the user, and act (B) further comprises acts of:

accessing the stored user information to determine if the identification information
included therein matches the identification information included in the received packet; and

if it is determined that the stored identification information matches the received
identification information, determining the assigned role from the stored user information.

38. The method of claim 35, further comprising:

(D) assigning the assigned role to the user.

39. The method of claim 35, further comprising:

(D) authenticating the identity of the user.



40. A system for controlling usage of network resources of a communications network by a
user, wherein the user has an assigned role with respect to the communications network, and the
assigned role is associated with one or more packet rules, each packet rule including a condition
and action to be taken if a packet received at a device satisfies the condition, the system
comprising:

a port module including a physical port to receive a packet including identification
information of the user from a device of the user and port configuration logic to configure the
port module with the one or more packet rules associated with the assigned role of the user; and

an authentication module to determine the assigned role of the user based on the
identification information.

41. The system of claim 40, wherein the port module serves as an entry point to the
communications network for the user.

42. The system of claim 40, wherein user information about the user is stored on a computer-readable
medium residing on the communications network, the user information including
identification information and the assigned role of the user, and

wherein the authentication module is operative to control accessing the stored user
information to determine if the identification information included therein matches the
identification information included in the received packet, and to determine the assigned role
from the stored user information if it is determined that the stored identification information
matches the received identification information.

43. The system of claim 40, further comprising:

assigning logic to assign the assigned role to the user.

44. The system of claim 40, the authentication module is operative to authenticate the
identity of the user.

45. A system for controlling usage of network resources of a communications network by a
user, wherein the user has an assigned role with respect to the communications network, and the
assigned role is associated with one or more packet rules, each packet rule including a condition
and action to be taken if a packet received at a device satisfies the condition, the system
comprising:

a port module including a physical port to receive a packet including identification
information of the user from a device of the user and port configuration logic to configure the
port module with the one or more packet rules associated with the assigned role of the user; and

means for determining the assigned role of the user based on the identification

46. A computer program product, comprising:

a computer-readable medium; and

computer-readable signals stored on the computer-readable medium that define
instructions that, as a result of being executed by a computer, instruct the computer to perform a
process of controlling usage of network resources of a communications network by a user,
wherein the user has an assigned role with respect to the communications network, and the
assigned role is associated with one or more packet rules, each packet rule including a condition
and action to be taken if a packet received at a device satisfies the condition, the process
comprising acts of:

(A) receiving a packet including identification information of the user from a device of
the user at a port module of a network device;

(B) determining the assigned role of the user based on the identification information; and

(C) configuring the port module with the one or more packet rules associated with the
assigned role of the user.
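
The mechanism recited in claims 1 and 35, sketched as an added example that is not part of the patent text: identification information is resolved to a role, the role's condition/action rules are loaded into the port module, and every received packet is checked against them before it is forwarded. All names, roles, addresses and rule contents (`Rule`, `PortModule`, `ROLE_RULES`, `USERS`) are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Rule:
    condition: Callable[[dict], bool]  # predicate evaluated on the packet
    action: str                        # "drop" (terminal) or "tag" (add/change fields)
    fields: Optional[dict] = None      # information added to the packet by "tag"

# Constructed sample policy: each role maps to an ordered list of packet rules.
ROLE_RULES = {
    "guest": [
        Rule(lambda p: p["dst_port"] != 443, "drop"),
        Rule(lambda p: True, "tag", {"vlan": 30, "priority": 0}),
    ],
    "engineer": [
        Rule(lambda p: p["dst"].startswith("10.9."), "drop"),  # restricted subnet
        Rule(lambda p: True, "tag", {"vlan": 10, "priority": 5}),
    ],
}
USERS = {"alice": "engineer", "bob": "guest"}  # stored identification -> assigned role

class PortModule:
    def __init__(self):
        self.rules = None  # unconfigured port fails closed

    def login(self, user_id):
        """Determine the role from the identification and configure the port."""
        role = USERS.get(user_id)
        self.rules = ROLE_RULES.get(role) if role else None
        return role

    def logoff(self):
        self.rules = None  # rules apply only until the user logs off

    def ingress(self, packet):
        """Apply the rules at the entry point; return the packet to forward, or None."""
        if self.rules is None:
            return None
        out = dict(packet)
        for rule in self.rules:
            if rule.condition(out):
                if rule.action == "drop":
                    return None
                out.update(rule.fields)
        return out
```

A port with no authenticated user, or an identity with no stored role, forwards nothing, so no resource beyond the device is used before the rules are in place.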